Articles in this section

Managing User S3 Permissions

Sara Levy
  • Updated
Follow

To enable S3 access:

  • Provide each client user with an S3 key pair for authenticating to the VAST Cluster S3 service. Key pairs can be created, removed, enabled and disabled via the VMS. A user can have up to two key pairs at any time.

  • As and when needed, grant special permissions to individual users. Special permissions include permission to create buckets, permission to delete buckets and S3 super user permissions to override ACLs in a bucket.

You can grant these permissions through the VAST Web UI or through the VAST CLI:

Managing S3 User Access from the VAST Web UI
Granting Access and Permissions

  1. In the Users tab of the User Management page, display the user for which you want to generate a key pair:

    • You can query VMS for an existing user. This can be either any user whose attributes were already retrieved from external authorization providers through NFS or SMB RPCs. It can also be an existing local user.

    • You can create a new user on the local provider.

  2. In the Actions column, click the ActionsButtonGUI2.png button for the user and then select Edit.

  3. In the Update User dialog, click Create new key.

    An access key is displayed with its status (enabled by default).

    The secret key is displayed below it with a Copy key button: 

  4. Click Copy key to copy the secret key to your clipboard.

    Important

    The secret key for this pair will not be shown again, so keep the key carefully to pass it onto the user.

  5. Optionally grant the user either or both of the special S3 permissions:

    • Allow create bucket. Allows the user to create S3 buckets.

    • Allow delete bucket. Allows the user to delete S3 buckets.

    • S3 Superuser. Allows the user full read and write access to data and metadata, overriding ACLs.

  6. Click Update to update the user definition.

    You can now provide the user with the access key and the secret key. 

Enabling and Disabling a Key Pair

  1. Display the user on the Users tab of the User Management page (see Querying Users).

  2. In the Actions column, click the ActionsButtonGUI2.png button for the user and select Edit.

    In the Update User dialog, the status of each of the user's key pairs is shown (enabled or disabled).

  3. To enable a key pair, click enable_key_button.png. To disable a key pair, click disable_button.png.

Removing a Key Pair

  1. Display the user on the Users tab of the User Management page (see Querying Users).

  2. In the Actions column, click the ActionsButtonGUI2.png button for the user and select Edit.

    In the Update User dialog, the access key of the key pair is listed.

  3. Click the delete button (delete_button.png) for the access key.

  4. Click Yes to confirm the removal.

    The key pair is removed.

Managing S3 Access from the VAST CLI
Generating an S3 Access Key Pair

To generate an S3 access key pair for a user, use the user generate-key command.

Granting S3 Permissions

Special S3 permissions can be granted to individual S3 users. These include permission to create buckets, permission to delete buckets, and permission to override ACLs (S3 superuser permission). To grant or remove any of these permissions, use one of the following commands:

  • For a user that resides on an external provider, use user query.

  • For a user on the local provider, use user modify.

Enabling and Disabling a Key Pair

To enable or disable an S3 access key pair, use user modify-key.

Removing a Key Pair

To remove a user's S3 access key pair, use user remove-key.

Related articles

Comments

0 comments

Article is closed for comments.